Wiping Techniques and Anti-Forensics Methods

Olvecky, Miroslav; Gabriska, Darja

doi:10.1109/sisy.2018.8524756

Cited by 9 publications

(10 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…• It may be a threat and used in a data breach to target the consequences and aftermath is discussed in the below points. The destruction of any information such as Personally Identifiable Information, Financial Information, Health Information, Competition Information, Legal Information, IT Security Data [6].…”

Section: Disadvantages or Redkey As A Threatmentioning

confidence: 99%

Data Wiping Journey Through Redkey

Kumudavalli M V,

VidhyaShankar,

Gunav S

et al. 2024

Int Res J Adv Engg Mgt

View full text Add to dashboard Cite

Red Key is a powerful and trustworthy digital security system that grants users several advantages. Red Key guarantees the protection of sensitive data and reduces the risk of unwanted access with its increased security features. Red Key's user-friendly interface makes it simple for people to manage their security settings and offers a seamless user experience. Additionally, users can adjust their security preferences to their unique demands. The ability of Red Key to integrate with other security systems allows for smooth communication and collaboration, offering a complete security solution. Red Key receives regular upgrades to keep up with the most recent security protocols, protecting it from new attacks. Red Key is a trustworthy and effective digital security system overall. File Hex viewer which indicates the content on hard disk before and after the data wiping process, is a highlight of RedKey. It emphasizes on complete data-wiping process. The algorithm approach of RedKey makes the data-wiping process so unique that no other competitive device is capable of the same. This article emphasizes the working structural view of the device with its pros and cons making the end-user usage process simple.

show abstract

Section: Disadvantages or Redkey As A Threatmentioning

confidence: 99%

Data Wiping Journey Through Redkey

Kumudavalli M V,

VidhyaShankar,

Gunav S

et al. 2024

Int Res J Adv Engg Mgt

View full text Add to dashboard Cite

show abstract

“…As shown in Table 1, many wiping tools have been investigated including different versions of the same tool [12,[15][16][17][18][20][21][22]24]. These studies suggest investigating wiping tools using file system forensics for the Windows platform.…”

Section: Related Workmentioning

confidence: 99%

“…A study concluded that some tools perform poorly and lack the ability to wipe sensitive data raising questions about their reliability [15]. A study surveyed many data wiping techniques used by wiping tools and found that the most common technique used is DoD 5220.22 M [16]. This technique uses 3 passes, and the technique makes it impossible to recover the wiped data.…”

Section: Related Workmentioning

confidence: 99%

Forensic analysis of anti‐forensic file‐wiping tools on Windows

AlHarbi

Alzahrani

Bhat

2021

Journal of Forensic Sciences

View full text Add to dashboard Cite

This paper presents forensic analysis of anti‐forensic file‐wiping tools on the Windows platform. The goal is to identify and extract the evidence of the tools used to wipe files and the files wiped by them on the Windows operating system. To achieve this goal, we analyzed the changes made by these tools to metadata structures of Windows file systems during file wiping. We also analyzed Registry keys and .lnk files to collect the evidence. Our experiments used four file‐wiping tools (SecureDelete v1.0, Secure Eraser v5.2, PC Shredder v1.1, and Blank and Secure v5.88) to wipe files on three Windows file systems (FAT32, exFAT and NTFS). The results suggest that FAT32 and exFAT file system directory structures and $MFT entries of NTFS file system can confirm the use of wiping tools, identify these tools and provide the remnants of the wiped files. Also, $LogFile and $UsnJrnl files of NTFS file system, and Windows Registry keys provide detailed evidence of wiping tools used and the files wiped by them. We also found that the contents of resident and non‐resident alternate data streams, $LogFile and $UsnJrnl files, and Windows Registry keys are not wiped by these tools. Finally, this study makes many recommendations, highlights the limitations of the work and points out the future scope.

show abstract

“…There are four types of anti‐forensic techniques, including artifact wiping, data hiding, trail obfuscation, and attacks against forensic technology [2, 3]. Among them, artifact wiping, particularly file‐wiping, can have a significant impact on forensic investigations as it overwrites the source of evidence with zeroes, known patterns, or random data [4, 5]. As it can erase evidence permanently, hinder investigations, and increase analysis time [6], determining whether the file‐wiping tool has been executed is crucial in digital forensics, which requires the rapid extraction of information from evidence.…”

Section: Introductionmentioning

confidence: 99%

A reference database of Windows artifacts for file‐wiping tool execution analysis

Joo

Lee

Jeong

2023

Journal of Forensic Sciences

View full text Add to dashboard Cite

Anti‐forensic technology can play an effective role in protecting information, but it can make forensic investigations difficult. Specifically, file‐wiping permanently erases evidence, making it challenging for investigators to determine whether a file ever existed and prolonging the investigation process. To address this issue, forensic researchers have studied anti‐forensic techniques that detect file‐wiping activities. Many previous studies have focused on the effects of file‐wiping tools on $MFT, $LogFile, and $DATA, rather than on Windows artifacts. Additionally, previous studies that have examined Windows artifacts have considered different artifacts, making it difficult to study them in a comprehensive manner. To address this, we focused on analyzing traces in 13 Windows artifacts of 10 file‐wiping tools' operations in the Windows operating system comprehensively. For our experiments, we installed each file‐wiping tool on separate virtual machines and checked the traces that the tools left behind in each artifact. We then organized the results in a database format. Our analysis revealed that most of the tools left traces on other artifacts, except for JumpList, Open&SavePidlMRU, and lnk. There were also some cases where traces remained on the other three artifacts. Based on our research, forensic investigators can quickly identify whether a file‐wiping tool has been used, and it can assist in decision‐making for evidence collection and forensic triage.

show abstract

Wiping Techniques and Anti-Forensics Methods

Cited by 9 publications

References 8 publications

Data Wiping Journey Through Redkey

Data Wiping Journey Through Redkey

Forensic analysis of anti‐forensic file‐wiping tools on Windows

A reference database of Windows artifacts for file‐wiping tool execution analysis

Contact Info

Product

Resources

About